CVE-2023-46931 — Out-of-bounds Write in Gpac

CWE-787 — Out-of-bounds Write4 documents4 sources

Severity

5.5MEDIUMNVD

EPSS

0.1%

top 81.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gpac Debian Gpac

Timeline

PublishedNov 1

Description

GPAC 2.3-DEV-rev605-gfc9e29089-master contains a heap-buffer-overflow in ffdmx_parse_side_data /afltest/gpac/src/filters/ff_dmx.c:202:14 in gpac/MP4Box.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶NVDgpac/gpac2.3-dev-rev605-gfc9e29089-master

▶debiandebian/gpac

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

CVE-2023-46931: GPAC 2↗2023-11-01

▶

GHSA

GHSA-mh8h-8fcp-q2hp: GPAC 2↗2023-11-01

▶

📋Vendor Advisories

Debian

CVE-2023-46931: gpac - GPAC 2.3-DEV-rev605-gfc9e29089-master contains a heap-buffer-overflow in ffdmx_p...↗2023

▶